US10104055B2 - System and process of protecting client side information in electronic transactions - Google Patents

System and process of protecting client side information in electronic transactions Download PDF

Info

Publication number
US10104055B2
US10104055B2 US15/167,557 US201615167557A US10104055B2 US 10104055 B2 US10104055 B2 US 10104055B2 US 201615167557 A US201615167557 A US 201615167557A US 10104055 B2 US10104055 B2 US 10104055B2
Authority
US
United States
Prior art keywords
hash function
host side
generated
server
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US15/167,557
Other versions
US20170346801A1 (en
Inventor
David Joseph Ponder
Stephen Wang
Matthew Richmond
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US15/167,557 priority Critical patent/US10104055B2/en
Publication of US20170346801A1 publication Critical patent/US20170346801A1/en
Application granted granted Critical
Publication of US10104055B2 publication Critical patent/US10104055B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity

Definitions

  • the embodiments herein relate generally to network security and more particularly, to systems and processes for protecting client side information in electronic transactions.
  • a routine online purchase typically involves having the user provide sensitive information including identity, residence, and financial information.
  • conventional online transactions pull the transaction details onto the host side and store the details on the host platform's server.
  • the host platform may conveniently access the stored transaction details for subsequent transactions.
  • this makes host servers great targets for data thieves because multiple individual's information is conveniently accessible in one location which if broken into, can become a massive data breach worth the effort.
  • a computer program product for performing network based transactions and protecting client information
  • the computer program product comprising a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code being configured to: receive by a processor on a host side server of a network, a message to begin processing an online transaction; transmit by the processor on the host side of the network a message to a client side server to identify transaction information of the online transaction and generate a first client side hash function representing the identified transaction information; generate, in the host side server, a first host side hash function representing the identified transaction information; compare the generated first client side hash function to the generated first host side hash function; determine whether the generated first client side hash function matches the generated first host side hash function; in response to the generated first client side hash function matching the generated first host side hash function, store the generated first host side hash function in the host side server without storing the identified transaction information in the host side server; and process by the host side server, the online transaction.
  • a method of performing network based transactions and protecting client information comprises receiving by a processor on a host side server of a network, a message to begin processing an online transaction; transmitting by the processor on the host side of the network a message to a client side server to identify transaction information of the online transaction and generate a first client side hash function representing the identified transaction information; generating, in the host side server, a first host side hash function representing the identified transaction information; comparing the generated first client side hash function to the generated first host side hash function; determining whether the generated first client side hash function matches the generated first host side hash function; in response to the generated first client side hash function matching the generated first host side hash function, storing the generated first host side hash function in the host side server without storing the identified transaction information in the host side server; and processing by the host side server, the online transaction.
  • FIG. 1 is a block diagram of a computer system/server according to an embodiment of the subject technology.
  • FIG. 2 is a block diagram of a network according to an embodiment of the subject technology.
  • FIG. 3 is a flowchart of a method of performing network based transactions and protecting client information in an initial transaction according to an embodiment of the subject technology.
  • FIG. 4 is a flowchart of a method of performing network based transactions and protecting client information in a secondary transaction according to an embodiment of the subject technology.
  • FIG. 5 is a flowchart of a method of performing network based transactions and protecting client information in an initial transaction according to another embodiment of the subject technology.
  • FIG. 6 is a flowchart of a method of performing network based transactions and protecting client information in a secondary transaction according to another embodiment of the subject technology.
  • FIG. 7 is a flowchart of a method of auditing transactions and associated hash functions in a system according to an embodiment of the subject technology.
  • embodiments of the disclosed invention provide a system and process that identifies electronic transactions and allows re-processing of the transactions without needing to store transaction details on the host or merchant side.
  • transaction details are stored on the client side of a transaction until a hash security function is confirmed so that the details are immune from being intercepted on the host side of the transaction.
  • FIG. 1 a schematic of an example of a computer system/server 10 is shown.
  • the computer system/server 10 is shown in the form of a general-purpose computing device.
  • the components of the computer system/server 10 may include, but are not limited to, one or more processors or processing units 16 , a system memory 28 , and a bus 18 that couples various system components including the system memory 28 to the processor 16 .
  • the computer system/server 10 may perform functions as different machine types depending on the role in the system the function is related to.
  • the computer system/server 10 may be for example, personal computer systems, server computer systems, tablet devices, mobile telephone devices, handheld or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, and distributed cloud computing environments that include any of the above systems or devices, and the like.
  • the computer system/server 10 may be described in the general context of computer system executable instructions, such as program modules, being executed by a computer system (described for example, below).
  • the computer system/server 10 may be a cloud computing node connected to a cloud computing network (not shown).
  • the computer system/server 10 may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • program modules may be located in both local and remote computer system storage media including memory storage devices.
  • the computer system/server 10 may typically include a variety of computer system readable media. Such media could be chosen from any available media that is accessible by the computer system/server 10 , including non-transitory, volatile and non-volatile media, removable and non-removable media.
  • the system memory 28 could include one or more computer system readable media in the form of volatile memory, such as a random access memory (RAM) 30 and/or a cache memory 32 .
  • RAM random access memory
  • a storage system 34 can be provided for reading from and writing to a non-removable, non-volatile magnetic media device typically called a “hard drive” (not shown).
  • the system memory 28 may include at least one program product 40 having a set (e.g., at least one) of program modules 42 that are configured to carry out the functions of embodiments of the invention.
  • the program modules 42 may execute via the processor 16 , actions related to generating a hash for a transaction, comparing hashes from the client side to hashes of the host side, processing transaction details, and delivering/receiving transaction processing results.
  • the computer system/server 10 may also communicate with one or more external devices 14 such as a keyboard, a pointing device, a display 24 , etc.; and/or any devices (e.g., network card, modem, etc.) that enable the computer system/server 10 to communicate with one or more other computing devices. Such communication can occur via Input/Output (I/O) interfaces 22 .
  • the computer system/server 10 can communicate with one or more networks such as a local area network (LAN), a general wide area network (WAN), and/or a public network (e.g., the Internet) via a network adapter 20 .
  • the network adapter 20 may communicate with the other components of the computer system/server 10 via the bus 18 .
  • aspects of the disclosed invention may be embodied as a system, method or process, or computer program product. Accordingly, aspects of the disclosed invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module,” or “system.” Furthermore, aspects of the disclosed invention may take the form of a computer program product embodied in one or more computer readable media having computer readable program code embodied thereon.
  • a computer readable storage medium may be any tangible or non-transitory medium that can contain, or store a program (for example, the program product 40 ) for use by or in connection with an instruction execution system, apparatus, or device.
  • a computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing.
  • the system 100 may connect a client side 110 to a host side 130 through a network 120 .
  • the network 120 may include a server 125 which may serve as an intermediary between the client side 110 and the host side 130 .
  • the client side, the server 125 , and the host side may each include a software embodiment of the invention for conducting transactions between the client side 110 and the host side 130 .
  • the client side 110 device(s), the host side 130 device(s), and the server 125 may function for example, under the description the computer system/server 10 of FIG. 1 .
  • methods for performing network based transactions provide security for the user by maintaining stored records of transaction details on the client side 110 while providing the transaction details to the host side 130 only for the purposes of generating hash functions and executing the transaction once hash authentication is confirmed.
  • the end user is thus protected from for example, breaches of security on the host side 130 which expose sensitive client information to hackers and identity thieves who target databases storing multiple client users' personal information.
  • a line 201 conceptually represents the border between the client side and the host side.
  • client details of a transaction remain stored on the client side of line 201 throughout the transaction process and are only temporarily seen on the host side during hashing and for processing the transaction result once authentication is confirmed.
  • the method may initialize ( 205 ) when a host server receives a message to begin processing an online transaction from a client side server.
  • the host side may transmit a message to the client side server to identify transaction information of the online transaction and process for presentation to the host side.
  • the client side may generate ( 210 ) a first client side unique cryptographic hash function representing the identified transaction information details.
  • the generated client side hash function and the transaction details may be presented to the host side server.
  • the host side server may read the transaction details and generate ( 215 ) a first cryptographic host side hash function of the transaction details following the same rules for hash generation as the client side.
  • the host side may compare it to the first client side generated hash function to ensure the system is generating congruent hashing of the transaction.
  • the transaction details presented by the client side to the host side are transient and are not stored by the host side. Aspects of the present invention provide security of the information by using hashing without storing the client's transaction details.
  • the host side may compare the generated first client side hash function to the generated first host side hash function and determine ( 220 ) whether the generated first client side hash function matches the generated first host side hash function. Should the hashes not match, an error message may be sent ( 225 ) to the client side, which when received ( 230 ) may in turn perform the client side hash generation step again until there is congruency between the client side and the host side.
  • the first host side hash function may be stored ( 235 ) in the host side server as a file 240 without storing the identified transaction information in the file 240 .
  • the transaction details and the online transaction may be processed ( 245 ) by the host side server.
  • the client may be instructed to retain the transaction's details for reference during requests to re-process the transaction in the future.
  • the transaction results may be delivered to the client who receives ( 250 ) the results.
  • the method 200 and the method 300 may be embodied together or separately but as may be appreciated, typically the results of the method 200 are used to perform re-processing of a transaction without having to access stored client details from the host server side because the client details do not exist on the host side of line 201 and are thus protected from unauthorized access by entities trying to steal database information from the host side.
  • the client side may request ( 305 ) re-processing of the transaction.
  • the host side may prompt ( 310 ) the client side to present the original transaction details in response to the request.
  • the client side may generate ( 315 ) a hash function representing the details of the transaction.
  • the client side hash function follows the same rules used for example in method 200 , which may result in this instance of the hash function being the same as the first client side hash function generated in block 210 .
  • the host side server may read the transaction details and generate ( 320 ) a second cryptographic host side hash function of the transaction details following the same rules for hash generation as the client side.
  • the host side may compare it to the second client side generated hash function to ensure the system is generating congruent hashing of the transaction.
  • the host side may compare the generated second client side hash function to the generated second host side hash function and determine ( 325 ) whether the generated second client side hash function matches the generated second host side hash function.
  • an error message may be sent ( 340 ) to the client side, which when received ( 345 ) may in turn perform the client side hash generation step again until there is congruency between the client side and the host side.
  • the host side may compare ( 330 ) and determine ( 350 ) whether the second host side hash function matches the stored first host side hash function file 240 .
  • a negative result may cause the host side to deny ( 365 ) the requested transaction, the message for which may be received ( 370 ) by the client side.
  • a positive match may cause the host side to re-process ( 355 ) the transaction and deliver the results which may be received ( 360 ) by the client side.
  • the method 200 a is similar to the method 200 of FIG. 3 but for sake of illustration, the steps related to a negative hash comparison result are omitted.
  • the method 300 a is similar to the method 300 of FIG. 4 except that at block 315 a , the client side does not necessarily generate a second client side hash function and may merely present the transaction details associated with the re-processing request to the host side.
  • the host side may generate ( 320 a ) a second host side hash function based on the presented transaction details.
  • the second host side hash function may be compared to the stored first host side hash function file 240 .
  • the host side may determine ( 350 a ) whether the second host side hash function matches the stored first host side hash function file 240 .
  • this embodiment uses hashing authentication on just the host side without the need to store the client's transaction details/information on the host side.
  • Blocks 355 a - 370 a follow similar actions to blocks 355 - 370 of FIG. 4 to provide authentication results of block 350 a.
  • FIG. 7 shows an exemplary process 400 of auditing transactions according to embodiments described above.
  • users including auditors, clients, system administrators can check if transactions meet the hash function checks described above.
  • the blocks shown describe general features of steps that may be used in authenticating whether a transaction request matches the hash function associated with a user and the transaction.

Abstract

A system, method and computer program product protects client information used for online transactions by storing transaction details on the client side of a network and avoiding storage on the host side. A hash function may be generated representing a transaction and its details on both the client and server sides. For the transaction to be processed, the hash function from the client side must match the hash function on the host side. Once authenticated, the transaction details may be read and processed while maintaining storage of the client information on the client side of the network.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
None.
BACKGROUND
The embodiments herein relate generally to network security and more particularly, to systems and processes for protecting client side information in electronic transactions.
With the increasing popularity of online transactions, users are increasingly placing sensitive information in the hands of third parties. For example, a routine online purchase typically involves having the user provide sensitive information including identity, residence, and financial information. At some point, conventional online transactions pull the transaction details onto the host side and store the details on the host platform's server. The host platform may conveniently access the stored transaction details for subsequent transactions. Unfortunately, this makes host servers great targets for data thieves because multiple individual's information is conveniently accessible in one location which if broken into, can become a massive data breach worth the effort.
As can be seen, there is a need for a system and method to improve protection of the client's (user's) information during online transactions.
SUMMARY
In one aspect of the subject technology, a computer program product for performing network based transactions and protecting client information, the computer program product comprising a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code being configured to: receive by a processor on a host side server of a network, a message to begin processing an online transaction; transmit by the processor on the host side of the network a message to a client side server to identify transaction information of the online transaction and generate a first client side hash function representing the identified transaction information; generate, in the host side server, a first host side hash function representing the identified transaction information; compare the generated first client side hash function to the generated first host side hash function; determine whether the generated first client side hash function matches the generated first host side hash function; in response to the generated first client side hash function matching the generated first host side hash function, store the generated first host side hash function in the host side server without storing the identified transaction information in the host side server; and process by the host side server, the online transaction.
In another aspect of the subject technology, a method of performing network based transactions and protecting client information comprises receiving by a processor on a host side server of a network, a message to begin processing an online transaction; transmitting by the processor on the host side of the network a message to a client side server to identify transaction information of the online transaction and generate a first client side hash function representing the identified transaction information; generating, in the host side server, a first host side hash function representing the identified transaction information; comparing the generated first client side hash function to the generated first host side hash function; determining whether the generated first client side hash function matches the generated first host side hash function; in response to the generated first client side hash function matching the generated first host side hash function, storing the generated first host side hash function in the host side server without storing the identified transaction information in the host side server; and processing by the host side server, the online transaction.
BRIEF DESCRIPTION OF THE FIGURES
The detailed description of some embodiments of the invention is made below with reference to the accompanying figures, wherein like numerals represent corresponding parts of the figures.
FIG. 1 is a block diagram of a computer system/server according to an embodiment of the subject technology.
FIG. 2 is a block diagram of a network according to an embodiment of the subject technology.
FIG. 3 is a flowchart of a method of performing network based transactions and protecting client information in an initial transaction according to an embodiment of the subject technology.
FIG. 4 is a flowchart of a method of performing network based transactions and protecting client information in a secondary transaction according to an embodiment of the subject technology.
FIG. 5 is a flowchart of a method of performing network based transactions and protecting client information in an initial transaction according to another embodiment of the subject technology.
FIG. 6 is a flowchart of a method of performing network based transactions and protecting client information in a secondary transaction according to another embodiment of the subject technology.
FIG. 7 is a flowchart of a method of auditing transactions and associated hash functions in a system according to an embodiment of the subject technology.
 DETAILED DESCRIPTION OF CERTAIN EMBODIMENTS
In general, embodiments of the disclosed invention provide a system and process that identifies electronic transactions and allows re-processing of the transactions without needing to store transaction details on the host or merchant side. In one aspect, transaction details are stored on the client side of a transaction until a hash security function is confirmed so that the details are immune from being intercepted on the host side of the transaction.
Referring now to FIG. 1, a schematic of an example of a computer system/server 10 is shown. The computer system/server 10 is shown in the form of a general-purpose computing device. The components of the computer system/server 10 may include, but are not limited to, one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 to the processor 16.
The computer system/server 10 may perform functions as different machine types depending on the role in the system the function is related to. For example, depending on the function being implemented at any given time when interfacing with the system, the computer system/server 10 may be for example, personal computer systems, server computer systems, tablet devices, mobile telephone devices, handheld or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, and distributed cloud computing environments that include any of the above systems or devices, and the like. The computer system/server 10 may be described in the general context of computer system executable instructions, such as program modules, being executed by a computer system (described for example, below). In some embodiments, the computer system/server 10 may be a cloud computing node connected to a cloud computing network (not shown). The computer system/server 10 may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.
The computer system/server 10 may typically include a variety of computer system readable media. Such media could be chosen from any available media that is accessible by the computer system/server 10, including non-transitory, volatile and non-volatile media, removable and non-removable media. The system memory 28 could include one or more computer system readable media in the form of volatile memory, such as a random access memory (RAM) 30 and/or a cache memory 32. By way of example only, a storage system 34 can be provided for reading from and writing to a non-removable, non-volatile magnetic media device typically called a “hard drive” (not shown). The system memory 28 may include at least one program product 40 having a set (e.g., at least one) of program modules 42 that are configured to carry out the functions of embodiments of the invention. For examples and as described more fully below, the program modules 42 may execute via the processor 16, actions related to generating a hash for a transaction, comparing hashes from the client side to hashes of the host side, processing transaction details, and delivering/receiving transaction processing results.
The computer system/server 10 may also communicate with one or more external devices 14 such as a keyboard, a pointing device, a display 24, etc.; and/or any devices (e.g., network card, modem, etc.) that enable the computer system/server 10 to communicate with one or more other computing devices. Such communication can occur via Input/Output (I/O) interfaces 22. Alternatively, the computer system/server 10 can communicate with one or more networks such as a local area network (LAN), a general wide area network (WAN), and/or a public network (e.g., the Internet) via a network adapter 20. As depicted, the network adapter 20 may communicate with the other components of the computer system/server 10 via the bus 18.
As will be appreciated by one skilled in the art, aspects of the disclosed invention may be embodied as a system, method or process, or computer program product. Accordingly, aspects of the disclosed invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module,” or “system.” Furthermore, aspects of the disclosed invention may take the form of a computer program product embodied in one or more computer readable media having computer readable program code embodied thereon.
Any combination of one or more computer readable media (for example, storage system 34) may be utilized. In the context of this disclosure, a computer readable storage medium may be any tangible or non-transitory medium that can contain, or store a program (for example, the program product 40) for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing.
Aspects of the disclosed invention are described below with reference to block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor 16 of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
Referring now to FIG. 2, a block diagram of a system 100 for performing network based transactions and protecting client information is shown. The system 100 may connect a client side 110 to a host side 130 through a network 120. The network 120 may include a server 125 which may serve as an intermediary between the client side 110 and the host side 130. The client side, the server 125, and the host side may each include a software embodiment of the invention for conducting transactions between the client side 110 and the host side 130. It will be understood that the client side 110 device(s), the host side 130 device(s), and the server 125 may function for example, under the description the computer system/server 10 of FIG. 1. As described below, methods for performing network based transactions provide security for the user by maintaining stored records of transaction details on the client side 110 while providing the transaction details to the host side 130 only for the purposes of generating hash functions and executing the transaction once hash authentication is confirmed. The end user is thus protected from for example, breaches of security on the host side 130 which expose sensitive client information to hackers and identity thieves who target databases storing multiple client users' personal information.
Referring now to FIG. 3, a method 200 of performing network based transactions and protecting client information in an initial transaction is shown. A line 201 conceptually represents the border between the client side and the host side. As will be appreciated, client details of a transaction remain stored on the client side of line 201 throughout the transaction process and are only temporarily seen on the host side during hashing and for processing the transaction result once authentication is confirmed. The method may initialize (205) when a host server receives a message to begin processing an online transaction from a client side server. The host side may transmit a message to the client side server to identify transaction information of the online transaction and process for presentation to the host side. The client side may generate (210) a first client side unique cryptographic hash function representing the identified transaction information details. During the generation of the first client side hash function, an audit for completeness of the information being represented by hashing may be performed. The generated client side hash function and the transaction details may be presented to the host side server. The host side server may read the transaction details and generate (215) a first cryptographic host side hash function of the transaction details following the same rules for hash generation as the client side. The host side may compare it to the first client side generated hash function to ensure the system is generating congruent hashing of the transaction. As may be appreciated, the transaction details presented by the client side to the host side are transient and are not stored by the host side. Aspects of the present invention provide security of the information by using hashing without storing the client's transaction details. The host side may compare the generated first client side hash function to the generated first host side hash function and determine (220) whether the generated first client side hash function matches the generated first host side hash function. Should the hashes not match, an error message may be sent (225) to the client side, which when received (230) may in turn perform the client side hash generation step again until there is congruency between the client side and the host side. In response to the first client side hash function matching the first host side hash function, the first host side hash function may be stored (235) in the host side server as a file 240 without storing the identified transaction information in the file 240. The transaction details and the online transaction may be processed (245) by the host side server. In some embodiments, the client may be instructed to retain the transaction's details for reference during requests to re-process the transaction in the future. The transaction results may be delivered to the client who receives (250) the results.
Referring now to FIG. 4, a method 300 of performing network based transactions and protecting client information in a secondary transaction is shown. The method 200 and the method 300 may be embodied together or separately but as may be appreciated, typically the results of the method 200 are used to perform re-processing of a transaction without having to access stored client details from the host server side because the client details do not exist on the host side of line 201 and are thus protected from unauthorized access by entities trying to steal database information from the host side. The client side may request (305) re-processing of the transaction. The host side may prompt (310) the client side to present the original transaction details in response to the request. The client side may generate (315) a hash function representing the details of the transaction. Generally, the client side hash function follows the same rules used for example in method 200, which may result in this instance of the hash function being the same as the first client side hash function generated in block 210. The host side server may read the transaction details and generate (320) a second cryptographic host side hash function of the transaction details following the same rules for hash generation as the client side. The host side may compare it to the second client side generated hash function to ensure the system is generating congruent hashing of the transaction. The host side may compare the generated second client side hash function to the generated second host side hash function and determine (325) whether the generated second client side hash function matches the generated second host side hash function. Should the hashes not match, an error message may be sent (340) to the client side, which when received (345) may in turn perform the client side hash generation step again until there is congruency between the client side and the host side. In response to the second client side hash function matching the second host side hash function, the host side may compare (330) and determine (350) whether the second host side hash function matches the stored first host side hash function file 240. A negative result may cause the host side to deny (365) the requested transaction, the message for which may be received (370) by the client side. A positive match may cause the host side to re-process (355) the transaction and deliver the results which may be received (360) by the client side.
Referring now to FIGS. 5 and 6, methods 200 a and 300 a of performing network based transactions and protecting client information in an initial transaction and a secondary transaction are shown. The method 200 a is similar to the method 200 of FIG. 3 but for sake of illustration, the steps related to a negative hash comparison result are omitted. The method 300 a is similar to the method 300 of FIG. 4 except that at block 315 a, the client side does not necessarily generate a second client side hash function and may merely present the transaction details associated with the re-processing request to the host side. The host side may generate (320 a) a second host side hash function based on the presented transaction details. The second host side hash function may be compared to the stored first host side hash function file 240. The host side may determine (350 a) whether the second host side hash function matches the stored first host side hash function file 240. As can be seen, this embodiment uses hashing authentication on just the host side without the need to store the client's transaction details/information on the host side. Blocks 355 a-370 a follow similar actions to blocks 355-370 of FIG. 4 to provide authentication results of block 350 a.
FIG. 7 shows an exemplary process 400 of auditing transactions according to embodiments described above. In general, users (including auditors, clients, system administrators can check if transactions meet the hash function checks described above. The blocks shown describe general features of steps that may be used in authenticating whether a transaction request matches the hash function associated with a user and the transaction.
Persons of ordinary skill in the art may appreciate that numerous design configurations may be possible to enjoy the functional benefits of the inventive systems. Thus, given the wide variety of configurations and arrangements of embodiments of the present invention the scope of the invention is reflected by the breadth of the claims below rather than narrowed by the embodiments described above.

Claims (6)

What is claimed is:
1. A computer program product for performing network based transactions and protecting client information, the computer program product comprising a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code being configured to:
receive by a processor on a host side server of a network, a message to begin processing an online transaction;
transmit by the processor on the host side of the network a message to a client side server to identify transaction information of the online transaction;
generate, from a client side computer, a first client side hash function representing the identified transaction information;
receive by the host side server, a transient copy of the identified transaction information;
generate, in the host side server, a first host side hash function of the identified transaction information;
compare the generated first client side hash function to the generated first host side hash function;
determine whether the generated first client side hash function matches the generated first host side hash function;
in response to the generated first client side hash function matching the generated first host side hash function, store the generated first host side hash function in the host side server without storing the identified transaction information in the host side server;
receive, by the host side server a request to process the online transaction from the client side computer;
transmit, by the host side server, a request to present the identified transaction information;
generate, from the client side computer, a second client side hash function, the second client side hash function being the same as the first client side hash function;
provide to the host side server in a message from the client side computer, the second client side hash function without including the identified transaction details in the message from the client side computer;
determine, by the host side server, whether the second client side hash function matches the first host side hash function; and
process by the host side server, the online transaction in response to the second client side hash function matching the first host side hash function.
2. The computer program product of claim 1, further comprising computer readable program code being configured to:
receive, by the host side server, a request from the client side server to re-process the online transaction;
receive, by the host side server from the client side server, a generated second client side hash function;
generate in the host side server, a second host side hash function representing transaction information in requested re-process of the online transaction;
compare by the host side server, the generated second client side hash function to the generated second host side hash function without storing the identified transaction information in the host side server;
determine whether the generated second client side hash function matches the generated second host side hash function; and
in response to the generated second client side hash function matching the generated second host side hash function, re-process the online transaction.
3. The computer program product of claim 2, further comprising computer readable program code being configured to:
compare by the host side server, the generated second host side hash function to the stored first host side hash function without storing the transaction information in the request from the client side server to re-process the online transaction in the host side server;
determine whether the generated second host side hash function matches the stored first host side hash function; and
in response to the generated second host side hash function matching the stored first host side hash function, re-process the online transaction.
4. The computer program product of claim 1, further comprising computer readable program code being configured to:
receive, by the host side server, a request from the client side server to re-process the online transaction;
receive, by the host side server from the client side server, identified transaction information associated with the request from the client side server to re-process the online transaction;
generate in the host side server, a second host side hash function representing transaction information in the request from the client side server to re-process the online transaction;
compare by the host side server, the generated second host side hash function to the stored first host side hash function without storing the transaction information in the request from the client side server to re-process the online transaction in the host side server;
determine whether the generated second host side hash function matches the stored first host side hash function; and
in response to the generated second host side hash function matching the stored first host side hash function, re-process the online transaction.
5. A method of performing network based transactions and protecting client information, comprising:
receiving by a processor on a host side server of a network, a message to begin processing an online transaction;
transmitting by the processor on the host side of the network a message to a client side server to identify transaction information of the online transaction and generate a first client side hash function representing the identified transaction information;
generating, in the host side server, a first host side hash function of the identified transaction information;
comparing the generated first client side hash function to the generated first host side hash function;
determining whether the generated first client side hash function matches the generated first host side hash function;
in response to the generated first client side hash function matching the generated first host side hash function, storing the generated first host side hash function in the host side server without storing the identified transaction information in the host side server;
processing by the host side server, the online transaction;
receiving, by the host side server, a request from the client side server to re-process the online transaction;
receiving, by the host side server from the client side server, a generated second client side hash function;
generating in the host side server, a second host side hash function representing transaction information in the requested re-process of the online transaction;
comparing by the host side server, the generated second client side hash function to the generated second host side hash function without storing the identified transaction information in the host side server;
determining whether the generated second client side hash function matches the generated second host side hash function;
comparing by the host side server, the generated second host side hash function to the stored first host side hash function without storing the transaction information in the request from the client side server to re-process the online transaction in the host side server;
determining whether the generated second host side hash function matches the stored first host side hash function; and
in response to:
the generated second client side hash function matching the generated second host side hash function, and
the generated second host side hash function matching the stored first host side hash function,
re-processing the online transaction.
6. A computer program product for performing network based transactions and protecting client information, the computer program product comprising a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code being configured to:
receive by a processor on a host side server of a network, a message to begin processing an online transaction;
transmit by the processor on the host side of the network a message to a client side server to identify transaction information of the online transaction and generate a first client side hash function representing the identified transaction information;
generate, in the host side server, a first host side hash function of the identified transaction information;
compare the generated first client side hash function to the generated first host side hash function;
determine whether the generated first client side hash function matches the generated first host side hash function;
in response to the generated first client side hash function matching the generated first host side hash function, store the generated first host side hash function in the host side server without storing the identified transaction information in the host side server;
process by the host side server, the online transaction;
receive, by the host side server, a request from the client side server to re-process the online transaction;
receive, by the host side server from the client side server, a generated second client side hash function;
generate in the host side server, a second host side hash function representing transaction information in the requested re-process of the online transaction;
compare by the host side server, the generated second client side hash function to the generated second host side hash function without storing the identified transaction information in the host side server;
determine whether the generated second client side hash function matches the generated second host side hash function;
compare by the host side server, the generated second host side hash function to the stored first host side hash function without storing the transaction information in the request from the client side server to re-process the online transaction in the host side server;
determine whether the generated second host side hash function matches the stored first host side hash function; and
in response to:
the generated second client side hash function matching the generated second host side hash function, and
the generated second host side hash function matching the stored first host side hash function,
re-process the online transaction.
US15/167,557 2016-05-27 2016-05-27 System and process of protecting client side information in electronic transactions Active 2036-10-15 US10104055B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/167,557 US10104055B2 (en) 2016-05-27 2016-05-27 System and process of protecting client side information in electronic transactions

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US15/167,557 US10104055B2 (en) 2016-05-27 2016-05-27 System and process of protecting client side information in electronic transactions

Publications (2)

Publication Number Publication Date
US20170346801A1 US20170346801A1 (en) 2017-11-30
US10104055B2 true US10104055B2 (en) 2018-10-16

Family

ID=60418407

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/167,557 Active 2036-10-15 US10104055B2 (en) 2016-05-27 2016-05-27 System and process of protecting client side information in electronic transactions

Country Status (1)

Country Link
US (1) US10104055B2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10104055B2 (en) * 2016-05-27 2018-10-16 David Joseph Ponder System and process of protecting client side information in electronic transactions

Citations (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5241599A (en) * 1991-10-02 1993-08-31 At&T Bell Laboratories Cryptographic protocol for secure communications
US20020052921A1 (en) * 2000-06-27 2002-05-02 Andre Morkel Systems and methods for managing contact information
US20020091734A1 (en) * 2000-11-13 2002-07-11 Digital Door, Inc. Data security system and method
WO2002065258A2 (en) * 2001-02-13 2002-08-22 Qualcomm Incorporated Method and apparatus for authenticating embedded software in a remote unit over a communications channel
US20030084291A1 (en) * 2001-10-19 2003-05-01 Masaya Yamamoto Device authentication system and device authentication method
US20030093671A1 (en) * 2001-11-13 2003-05-15 International Business Machines Corporation Method and system for authentication of a user
US20050036611A1 (en) * 2003-03-31 2005-02-17 Visa U.S.A., Inc. Method and system for secure authentication
US20050066355A1 (en) * 2003-09-19 2005-03-24 International Business Machines Corporation System and method for satellite broadcasting and receiving encrypted television data signals
US20050160095A1 (en) * 2002-02-25 2005-07-21 Dick Kevin S. System, method and computer program product for guaranteeing electronic transactions
US20070124820A1 (en) * 2005-11-30 2007-05-31 Novell, Inc. Techniques for preserving and managing identities in an audit log
US20080294903A1 (en) * 2007-05-23 2008-11-27 Kunihiko Miyazaki Authenticity assurance system for spreadsheet data
US7515901B1 (en) * 2004-02-25 2009-04-07 Sun Microsystems, Inc. Methods and apparatus for authenticating devices in a network environment
US20090319776A1 (en) * 2008-05-16 2009-12-24 Lloyd Leon Burch Techniques for secure network communication
US20100180328A1 (en) * 2007-06-26 2010-07-15 Marks & Clerk, Llp Authentication system and method
US20100268949A1 (en) * 2009-04-15 2010-10-21 Torsten Schuetze Method for protecting a sensor and data of the sensor from manipulation and a sensor to that end
US20100275010A1 (en) * 2007-10-30 2010-10-28 Telecom Italia S.P.A. Method of Authentication of Users in Data Processing Systems
US20110302646A1 (en) * 2009-02-19 2011-12-08 Troy Jacob Ronda System and methods for online authentication
US20120005738A1 (en) * 2009-03-17 2012-01-05 Rajen Manini Web application process
US20120008775A1 (en) * 2010-07-09 2012-01-12 Tata Consultancy Services Limited System and method for secure transaction of data between wireless communication device and server
US20120198531A1 (en) * 2011-01-31 2012-08-02 Microsoft Corporation Multi-device session pairing using a visual tag
US8412928B1 (en) * 2010-03-31 2013-04-02 Emc Corporation One-time password authentication employing local testing of candidate passwords from one-time password server
US20130117822A1 (en) * 2010-05-27 2013-05-09 Kcs Monetic Method and system for secure teletransmission
US20130159195A1 (en) * 2011-12-16 2013-06-20 Rawllin International Inc. Authentication of devices
US20140074721A1 (en) * 2012-09-10 2014-03-13 King Fahd University Of Petroleum And Minerals Hybrid virtual account and token-based digital cash protocols
US20140074720A1 (en) * 2012-09-10 2014-03-13 King Fahd University Of Petroleum And Minerals Virtual account and token-based digital cash protocols
US20150195280A1 (en) * 2014-01-08 2015-07-09 Panasonic Intellectual Property Management Co., Ltd. Authentication system and authentication method
US20150269539A1 (en) * 2014-03-18 2015-09-24 nTrust Technology Solutions Corp. Virtual currency system
US20150271183A1 (en) * 2014-03-18 2015-09-24 nTrust Technology Solutions Corp. Virtual currency system
US20150334108A1 (en) * 2014-05-15 2015-11-19 Verizon Patent And Licensing Inc. Global authentication service using a global user identifier
US20160203135A1 (en) * 2015-01-12 2016-07-14 International Business Machines Corporation In-memory latch-free index structure
US20160328713A1 (en) * 2015-05-05 2016-11-10 ShoCard, Inc. Identity Management Service Using A Blockchain Providing Identity Transactions Between Devices
US20170083909A1 (en) * 2015-09-22 2017-03-23 Bank Of America Corporation Internal vault storage of tokens for account identification
US20170346801A1 (en) * 2016-05-27 2017-11-30 David Joseph Ponder System and process of protecting client side information in electronic transactions

Patent Citations (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5241599A (en) * 1991-10-02 1993-08-31 At&T Bell Laboratories Cryptographic protocol for secure communications
US20020052921A1 (en) * 2000-06-27 2002-05-02 Andre Morkel Systems and methods for managing contact information
US20020091734A1 (en) * 2000-11-13 2002-07-11 Digital Door, Inc. Data security system and method
WO2002065258A2 (en) * 2001-02-13 2002-08-22 Qualcomm Incorporated Method and apparatus for authenticating embedded software in a remote unit over a communications channel
US20030084291A1 (en) * 2001-10-19 2003-05-01 Masaya Yamamoto Device authentication system and device authentication method
US20030093671A1 (en) * 2001-11-13 2003-05-15 International Business Machines Corporation Method and system for authentication of a user
US20050160095A1 (en) * 2002-02-25 2005-07-21 Dick Kevin S. System, method and computer program product for guaranteeing electronic transactions
US20050036611A1 (en) * 2003-03-31 2005-02-17 Visa U.S.A., Inc. Method and system for secure authentication
US20050066355A1 (en) * 2003-09-19 2005-03-24 International Business Machines Corporation System and method for satellite broadcasting and receiving encrypted television data signals
US7515901B1 (en) * 2004-02-25 2009-04-07 Sun Microsystems, Inc. Methods and apparatus for authenticating devices in a network environment
US20070124820A1 (en) * 2005-11-30 2007-05-31 Novell, Inc. Techniques for preserving and managing identities in an audit log
US20080294903A1 (en) * 2007-05-23 2008-11-27 Kunihiko Miyazaki Authenticity assurance system for spreadsheet data
US20100180328A1 (en) * 2007-06-26 2010-07-15 Marks & Clerk, Llp Authentication system and method
US20100275010A1 (en) * 2007-10-30 2010-10-28 Telecom Italia S.P.A. Method of Authentication of Users in Data Processing Systems
US20090319776A1 (en) * 2008-05-16 2009-12-24 Lloyd Leon Burch Techniques for secure network communication
US20110302646A1 (en) * 2009-02-19 2011-12-08 Troy Jacob Ronda System and methods for online authentication
US20120005738A1 (en) * 2009-03-17 2012-01-05 Rajen Manini Web application process
US20100268949A1 (en) * 2009-04-15 2010-10-21 Torsten Schuetze Method for protecting a sensor and data of the sensor from manipulation and a sensor to that end
US8412928B1 (en) * 2010-03-31 2013-04-02 Emc Corporation One-time password authentication employing local testing of candidate passwords from one-time password server
US20130117822A1 (en) * 2010-05-27 2013-05-09 Kcs Monetic Method and system for secure teletransmission
US20120008775A1 (en) * 2010-07-09 2012-01-12 Tata Consultancy Services Limited System and method for secure transaction of data between wireless communication device and server
EP2416524A2 (en) * 2010-07-09 2012-02-08 Tata Consultancy Services Limited System and method for secure transaction of data between wireless communication device and server
US20120198531A1 (en) * 2011-01-31 2012-08-02 Microsoft Corporation Multi-device session pairing using a visual tag
US20130159195A1 (en) * 2011-12-16 2013-06-20 Rawllin International Inc. Authentication of devices
US20140074721A1 (en) * 2012-09-10 2014-03-13 King Fahd University Of Petroleum And Minerals Hybrid virtual account and token-based digital cash protocols
US20140074720A1 (en) * 2012-09-10 2014-03-13 King Fahd University Of Petroleum And Minerals Virtual account and token-based digital cash protocols
US20150195280A1 (en) * 2014-01-08 2015-07-09 Panasonic Intellectual Property Management Co., Ltd. Authentication system and authentication method
US20150269539A1 (en) * 2014-03-18 2015-09-24 nTrust Technology Solutions Corp. Virtual currency system
US20150271183A1 (en) * 2014-03-18 2015-09-24 nTrust Technology Solutions Corp. Virtual currency system
US20150334108A1 (en) * 2014-05-15 2015-11-19 Verizon Patent And Licensing Inc. Global authentication service using a global user identifier
US20160203135A1 (en) * 2015-01-12 2016-07-14 International Business Machines Corporation In-memory latch-free index structure
US20160328713A1 (en) * 2015-05-05 2016-11-10 ShoCard, Inc. Identity Management Service Using A Blockchain Providing Identity Transactions Between Devices
US20170083909A1 (en) * 2015-09-22 2017-03-23 Bank Of America Corporation Internal vault storage of tokens for account identification
US20170346801A1 (en) * 2016-05-27 2017-11-30 David Joseph Ponder System and process of protecting client side information in electronic transactions

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Alexandre Alapetite, "Dynamic 2D-barcodees for multi-device Web session migration including mobile phones", DOI 10.1007/s00779-009-0228-5, 2010. *
Jesus Diaz, "Password-based authentication", found at www.certsi.es, Jan. 2015. *

Also Published As

Publication number Publication date
US20170346801A1 (en) 2017-11-30

Similar Documents

Publication Publication Date Title
EP3610383B1 (en) Data isolation in blockchain networks
US10860710B2 (en) Processing and storing blockchain data under a trusted execution environment
US20210089300A1 (en) System and method for identifying particular computer platform associated with potential altered or falsified execution of copy of software
US10958436B2 (en) Methods contract generator and validation server for access control of contract data in a distributed system with distributed consensus
US10547444B2 (en) Cloud encryption key broker apparatuses, methods and systems
US10091230B1 (en) Aggregating identity data from multiple sources for user controlled distribution to trusted risk engines
US20170344988A1 (en) System and method for facilitating blockchain-based validation
US20180005235A1 (en) Electronic transaction risk assessment based on digital identifier trust evaluation
US10726111B2 (en) Increased security using dynamic watermarking
US20180254904A1 (en) Integrated authentication system for authentication using single-use random numbers
US20120030475A1 (en) Machine-machine authentication method and human-machine authentication method for cloud computing
WO2021204273A1 (en) Asset type registration and transaction record verification
US11494769B2 (en) System, methods and computer program products for identity authentication for electronic payment transactions
CN113302610B (en) Trusted platform based on blockchain
CN109447791B (en) Block chain-based fund transaction method and device
US20190081794A1 (en) Systems and methods for user identity
CN115380303A (en) Trusted platform based on block chain
CN112967056A (en) Access information processing method and device, electronic equipment and medium
JP7447127B2 (en) Preventing the sending of accidental copies of data records to a distributed ledger system
US20230109544A1 (en) Systems and methods for conducting remote attestation
US10104055B2 (en) System and process of protecting client side information in electronic transactions
CN116015840B (en) Data operation auditing method, system, equipment and storage medium
US11133926B2 (en) Attribute-based key management system
CN113491090B (en) Trusted platform based on blockchain
CN114398678A (en) Registration verification method and device for preventing electronic file from being tampered, electronic equipment and medium

Legal Events

Date Code Title Description
STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 4